Technical Role
SOC staff monitor information systems for alarms and conditions to prevent, detect and manage cyber-attacks and other IT security incidents. They normally follow processes and procedures based on information security management and computer security incident management. They often employ tools such as network discovery and vulnerability assessment systems; governance, risk and compliance (GRC) systems; web site assessment and monitoring systems; application and database scanners; penetration testing tools; intrusion detection systems (IDS); intrusion prevention systems (IPS); log management systems; security information and event management (SIEM); network behavior analysis and denial of service monitoring; wireless intrusion prevention systems; firewalls; enterprise antivirus; and unified threat management (UTM).
The SOC typically scans applications and identifies security vulnerabilities and their potential business impact. The SOC works with the application business owners and IT staff to ensure understanding and help them appropriately correct weaknesses before they are exploited. The SOC also monitors applications to identify a possible cyber-attack or intrusion (event) and determine if it is a real, malicious threat (incident), and if it could have business impact. The SOC manages incidents for the enterprise, ensuring they are properly identified, analyzed, communicated, actioned/defended, investigated and reported.
SOC engineers and watch officers are seasoned information and communication systems professionals. They are usually trained in computer engineering, cryptography, network engineering, or computer science and are credentialed (e.g. Certified Information Systems Security Professional (CISSP) from (ISC)², GIAC from SANS, or Certified Information Security Manager (CISM) from ISACA).
SOCs are usually well protected with physical, electronic, computer, and personnel security. Centers are often laid out with desks facing a video wall, which displays significant status, events and alarms, as well as ongoing incidents. A corner of the wall is sometimes used for showing a news or weather TV channel, as this can keep the SOC staff aware of current events which may have an impact on information systems. The back wall of the SOC is often transparent, with an attached room where team members can meet while still able to watch events unfolding in the SOC. Individual desks are generally assigned to a specific group of systems, technology or geographic area. A security engineer or security technician may have several computer monitors on their desk, with the extra monitors used for monitoring the systems covered from that desk.